Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News

Hacking & Security News

Page: 12... 168 169 170 171 172 173 174 175 out of 175

Debian Security Advisory - zope | 2001-03-10 15:43:11
This advisory covers several vulnerabilities in Zope that have been addressed.
Packages : zope
Vulnerability : several
Type : remote
Debian-specific: no
Fixed version : zope 2.1.6-7

Debian Security Advisory - slrn | 2001-03-10 15:34:11
Bill Nottingham reported a problem in the wrapping/unwrapping functions of the slrn newsreader. A long header in a message might overflow a buffer and which could result into executing arbitraty code encoded in the message.

The default configuration does not have wrapping enable, but it can easily be enabled either by changing the configuration or pressing W while viewing a message.

Vulnerability in Novell Netware | 2001-03-10 15:28:08
Novell Netware allows a user to log into a Novell Network by using a Printer Server as the username. By default, Novell Print Servers have blank passwords. In addition, Novell Print Servers do not have intruder detection capability as a user account would, so they are vulnerable to a brute force attack without risk of account lockout. When a Print Server is logged into as a User, the account will have the same rights as are assigned to the container that it resides in.

Debian Security Advisory - glibc | 2001-03-10 15:23:13
The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems:

* It was possible to use LD_PRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This could be used to create (and overwrite) files which a user should not be allowed to.

* by using LD_PROFILE suid programs would write data to a file to /var/tmp, which was not done safely. Again, this could be used to create (and overwrite) files which a user should not have access to.

Microsoft Security Advisory - WebDAV | 2001-03-10 15:11:29
WebDAV is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests, then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such requests were directed at an affected server, it would consume all CPU availability on the server.

Zen and the Art of Breaking Security - Part II | 2001-03-09 10:52:22
Today we will continue our journey into the less explored ways to break security. Part one has explained what Zen has to do with the topic.

Since computing equipment uses electrical power to function, manipulating the voltage becomes an obvious target. A handy but coarse attack would be to blow the circuit up into smoke by applying the 110/220V voltage to it. Not elegant and a bit dangerous, but perfectly valid in the real world if this is what it takes to access a bank safe.

Savant web server vulnerability | 2001-03-09 00:05:50
Savant web server has been written by Michael Lamont (http://savant.sourceforge.com) it is very configurable freeware http deamon for win95/98. It's current version is 3.0

SunFTP Unauthorized File Access Vulnerability | 2001-03-09 00:01:33
SunFTP is a freeware ftp server written by Rasmus J.P. Allenheim and associates for the Windows platform...

Running Snort on IIS Web Servers Part 2: Advanced Techniques | 2001-03-08 09:34:42
Introduction
Intrusion detection is the process of monitoring a network to identify, and thereby prevent, malicious network-based attacks. This process can be automated by a software application or hardware device known as an Intrusion Detection System or IDS. An IDS provides a wide range of monitoring techniques including packet sniffing, file integrity monitoring, and even artificial intelligence algorithms that detect anomalies in network traffic.

Debian Security Advisory DSA-038-1 - sgml tools | 2001-03-08 09:08:47
Former versions of sgml-tools created temporary files directly in /tmp in an insecure fashion. Version 1.0.9-15 and higher create a subdirectory first and open temporary files within that directory.

Linux-Mandrake Security Update Advisory | 2001-03-08 08:58:19
Several potential buffer overflows in the ePerl package have been found by Fumitoshi Ukai and Denis Barbier. When eperl is installed setuid root, it can switch to the UID/GID of the script's owner. Although Linux-Mandrake does not ship the program setuid root, this is a useful feature which some users may have activated locally on their own. There is also the potential for a remote vulnerability as well.

Ksnuffle (KDE network sniffer) | 2001-03-08 08:51:47
KSnuffle has been added to the downloaded area. I have seen the screenshots, and tried it myself. Like Lilac told me..... it kicks ass.
Download
Homepage

Debian Security Advisory - proftpd | 2001-03-07 11:13:53
The following problems have been reported for the version of proftpd in Debian 2.2 (potato):

1. There is a configuration error in the postinst script, when the user enters 'yes', when asked if anonymous access should be enabled. The postinst script wrongly leaves the 'run as uid/gid root' configuration option in /etc/proftpd.conf, and adds a 'run as uid/gid nobody' option that has no effect.

2. There is a bug that comes up when /var is a symlink, and proftpd is restarted. When stopping proftpd, the /var symlink is removed; when it's started again a file named /var is created.

Microsoft Security Advisory - Internet Explorer | 2001-03-07 11:06:46
The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user's local machine. The purpose of the cache is to obfuscate the physical location of the cached content, in order to ensure that the web page or HTML e-mail will work through the IE security architecture to access the information. This ensures that the uses of the information can be properly restricted.

A vulnerability exists because it is possible for a web page or HTML e-mail to learn the physical location of cached content. Armed with this information, an attacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.

Debian Security Advisory DSA-031-2 | 2001-03-06 19:06:53
Todd Miller announced a new version of sudo which corrects a buffer overflow that could potentially be used to gain root privilages on the local system. This bugfix has been backported to the version which was used in Debian GNU/Linux 2.2.

Check Point Firewall-1 on Linux, Part Two | 2001-03-05 19:19:31
This article is the second in a series of three by SecurityFocus writer David "Del" Elson that looks at Check Point Firewall-1 for Linux. The first article consisted of a brief introductory overview of Firewall-1, and a discussion of installation, post-installation tasks, as well as single and multi-system installations. This installment will cover Firewall-1 concepts such as network objects, firewall rules, address translation rules, and NAT, as well as features and limitations of Firewall-1. The final article will then discuss aspects of Firewall-1 such as file and directory layout, rulesets, migrating existing Firewall-1 installation to Linux, and back-up and standby configurations.

SecurityFocus

Secure Newsletter #4 | 2001-03-05 04:02:43
Secure issue #4 has been released. Newsletter's archive is here.
If you haven't subscribed yet, consider it. (subscribe here)

Microsoft may disable upgraded PCs | 2001-03-04 05:52:34
Users who upgrade their PCs may find they will not work when switched back on, under the software giant's plan to use an artificial intelligence engine to deactivate illegal copies of Windows XP.

Microsoft exec tells how hacker got in | 2001-03-02 18:36:43
A top Microsoft executive revealed yesterday how a hacker was able to view some of the company's top-secret source code last October, shedding light on a notorious attack that raised concern worldwide about network security.

Hacker nabs top secret US space codes | 2001-03-02 18:12:12
An unidentified computer hacker has got hold of top secret US computer system codes for guiding spaceships, rockets and satellites, a lawyer in Sweden said Friday.

Linux 2.4: Next Generation Kernel Security | 2001-03-02 18:05:48
One of the most obvious and significant improvements in the 2.4 kernel is the packet filtering capabilities. However, there are a number of other improvements that make Linux one of the most secure operating systems available.

Ultimate Bulletin Board [IMG] Tag Javascript Embedding Vulnerability | 2001-03-02 00:49:32
Ultimate Bulletin Board is a free software package available from Infopop. The UBB package is a web based bulletin board package designed to offer discussion forums from a web interface....

Zen and the Art of Breaking Security - Part I | 2001-03-01 21:36:20
Designing a secure solution, be it a protocol, algorithm or enterprise architecture, is far from trivial. Apart from the technical or scientific difficulties to overcome, there is a mental trap easy to fall into: looking at the picture through the eyes of the designer.
The more we work on a topic, the stronger the identification between the concept and its implementation. We often reduce the implementation to the concept, leaving nothing out of the real thing but the concept that originated it. In Zen, we are often reminded that the finger pointing to the moon is not the moon.

Cisco IOS Software TCP Initial Sequence Number | 2001-03-01 18:56:17
Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.

This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.

Immunix OS Security Advisory (#IMNX-2001-70-004-01) | 2001-02-28 15:57:42
The version of sudo shipped in Immunix OS 7.0-beta and 7.0 contains a buffer overflow of a variable that is on the heap (which StackGuard does not protect against.)
This problem was originally reported by Chris Wilson (see http://www.courtesan.com/bugzilla/show_bug.cgi?id=27 for his original bug report.) The 1.6.3p6 version of sudo was released to fix this problem.

Packages have been created and released that fix this problem.

Page: 12... 168 169 170 171 172 173 174 175 out of 175

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »